List Identifier Groups Events
DEPRECATED: This endpoint should be replaced by /firework/v4/events/identifier_groups/{identifier_group_id}/_search
Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Path Parameters
Query Parameters
Fields to include in the results, in dotted form. For example, "data.actor_name" will include items similar to:
"items": [{ "data": { "actor_name": "Seller123" } }]
By default, all fields are included in the response.
The time parameter is used to limit results to those found in the provided time span.
Expected format: from@to
Example value: 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z
The size parameter is used to limit the number of results returned for the search query.
The search_after parameter is used to paginate through results.
To get the first page of results, omit this parameter. Afterward, include the search_after parameter in your next request with the latest response's search_after value to get the next page of results.
The from parameter is used to paginate through results.
To get the first page of results, omit this parameter. Afterward, include the from parameter in your next request with the latest response's next value to get the next page of results.
User-defined tags used to filter search results.
User-defined operator to apply to the tags filter.
Type of activities to search through.
Expected values: attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, chat_message/telegram, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, illicit_networks, open_web, domains, leaks, social_media_account, social_media_profile, social_media_post, social_media, source_code, source_code_secrets, source_code_files, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, ad, ads, experimental
Some search types contain others:
- illicit_networks: seller, listing, bot, ransomleak, forum_profile, forum_post, forum_topic, financial_data, blog_post, chat_message, stealer_log
- open_web: paste, bucket, google, bucket_object, source_code_files, social_media, stack_exchange, source_code_secrets, service
- leaks: leak
- domains: domain
Type of experimental activities to search through.
default, ignored, remediated, risk_score_edited, exclude_ignored, ignored_or_remediated
asc, desc
created, indexed, updated, alertable-materialized, materialized, searchable
The time zone used to compute the statistics.
Query used to filter results. Search query uses the Lucene query syntax.
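The time and search_after parameters described above, shown as an added example that is not part of the original documentation or the vendor's code: it builds the from@to window and follows search_after until the results run out. Assumptions: fetch_page is a hypothetical callable that sends the authenticated request and returns the parsed JSON body, the last page is assumed to be signalled by a missing search_after or an empty items list, and fake_fetch with its data is constructed.

```python
from datetime import datetime, timezone

def time_window(start, end):
    """Build the `time` value in the documented from@to form (UTC, milliseconds)."""
    parts = []
    for dt in (start, end):
        if dt.tzinfo is None:
            raise ValueError("naive datetime: attach a time zone first")
        dt = dt.astimezone(timezone.utc)
        parts.append(dt.strftime("%Y-%m-%dT%H:%M:%S") + f".{dt.microsecond // 1000:03d}Z")
    if start >= end:
        raise ValueError("'from' must be earlier than 'to'")
    return "@".join(parts)

def iter_events(fetch_page, time, size=100, max_pages=1000):
    """Yield every item, passing each response's search_after into the next request."""
    params = {"time": time, "size": size}  # first page: search_after omitted
    seen = set()
    for _ in range(max_pages):
        page = fetch_page(dict(params))
        items = page.get("items", [])
        yield from items
        cursor = page.get("search_after")
        # Assumption: no cursor or an empty page marks the last page.
        if not cursor or not items:
            return
        if cursor in seen:  # a repeated cursor would loop forever
            raise RuntimeError("search_after repeated; stopping")
        seen.add(cursor)
        params["search_after"] = cursor
    raise RuntimeError("max_pages reached; results are incomplete")

# Constructed in-memory stand-in for the HTTP call: made-up data, no network.
SAMPLE_EVENTS = [{"data": {"actor_name": f"Seller{i}"}} for i in range(5)]

def fake_fetch(params):
    start = int(params.get("search_after", 0))
    chunk = SAMPLE_EVENTS[start:start + params["size"]]
    page = {"items": chunk}
    if start + len(chunk) < len(SAMPLE_EVENTS):
        page["search_after"] = str(start + len(chunk))  # constructed cursor format
    return page

if __name__ == "__main__":
    window = time_window(datetime(2019, 9, 3, 4, tzinfo=timezone.utc),
                         datetime(2019, 9, 14, 4, tzinfo=timezone.utc))
    print(window, len(list(iter_events(fake_fetch, window, size=2))))
```

Raising when max_pages is hit, instead of returning quietly, keeps a truncated pull from being mistaken for a complete one.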
Response